package com.springSecurity.test.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;

@Configuration
@EnableWebSecurity//	开启web安全设置生效
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    /**
     * 构建认证服务，并将对象注入spring IOC容器，用户登录时，会调用该服务进行用户合法信息认证
     * 不查数据库是可以使用测试
     * @return UserDetailsService对象
     */
//    @Bean
//    public UserDetailsService userDetailsService() {
//        //	定义加载用户信息的服务
//        InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
//        //	构建用户
//        UserDetails u1 = User
//                .withUsername("admin")
////                .password("{noop}123456")
//                .password("$2a$10$p9io0DAJ3h6JyySlpZZ2mOELFxPnUeznxO21uDBX1hkcVHcHwCtFa")
//                .authorities("P10","ROLE_ADMIN").build();
//        UserDetails u2 = User
//                .withUsername("snow")
////                .password("{noop}123456")   //{noop} 表示明文存储
//                .password("$2a$10$p9io0DAJ3h6JyySlpZZ2mOELFxPnUeznxO21uDBX1hkcVHcHwCtFa")
//                .authorities("P10","ROLE_USER").build();
//        manager.createUser(u1);
//        manager.createUser(u2);
//        return  manager;
//    }
//    @Override
//    protected void configure(HttpSecurity http) throws Exception {
//        http.formLogin()
//                .and()
//                .logout()
//                .and()
//                .csrf().disable()
//                .authorizeRequests()
//                .antMatchers("/register").permitAll() //不登录即可访问
//                .antMatchers("/hello").hasAuthority("P1") //具有P1权限才可以访问
//                .antMatchers("/say").hasRole("USER") //具有SELLER 角色才可以访问
//                .anyRequest().authenticated(); //其他的登录之后就可以访问
//            }

    /**
     * 配置密码加密器
     */
    @Bean
    public BCryptPasswordEncoder bcryptPasswordEncoder() {
        return new BCryptPasswordEncoder();
    }

//    @Override
//    protected void configure(HttpSecurity http) throws Exception {
//        http
//                //关闭csrf
//                .csrf().disable()
//                //不通过Session获取SecurityContext
//                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
//                .and()
//                .authorizeRequests()
//                // 对于登录接口 允许匿名访问
//                .antMatchers("/user/login").anonymous()
//                // 除上面外的所有请求全部需要鉴权认证
//                .anyRequest().authenticated();
//    }
//
//    @Bean
//    @Override
//    public AuthenticationManager authenticationManagerBean() throws Exception {
//        return super.authenticationManagerBean();
//    }
}
